Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple TV < 6.1.1 Multiple Vulnerabilities



The version of this Apple TV device is not current and is thus open to multiple vulnerabilities.


The following have since been patched in version 6.1.1:

- Set-Cookie HTTP headers are processed even if the connection closed before the header was complete. An attacker could leverage this to strip security settings and obtain the HTTP cookie. (CVE-2014-1296) - Information disclosure due to the IOKit object storing kernel pointers, which could be used by a local attacker to defeat kernel address space layout randomization. (CVE-2014-1320) - A 'triple handshake' vulnerability could be leveraged by an attacker on the local network to perform a man-in-the-middle attack. (CVE-2014-1295) - Multiple memory corruption issues in the underlying WebKit library. (CVE-2013-2871, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)


Upgrade Apple TV to 6.1.1, or later.